tv C-SPAN2 Weekend CSPAN July 20, 2013 7:00am-8:01am EDT
that remains faithful to our democratic values. i want to begin by discussing in general terms the legal framework that governs intelligence collection activity and it is the bedrock concept that those activities are bound by the rule of law. this is a topic others have well-dressed including the general counsels of the central intelligence agency and the national security agency in speeches they have given so i will make this brief. we begin with the constitution. article 2 makes the president commander-in-chief and gives an extensive responsibility for the conduct of foreign affairs. the ability to collect foreign intelligence derives from that constitutional source. the first amendment protect freedom of speech and association and the fourth amendment
protects unreasonable searches and seizures. i want to make a few points about a fourth amendment. under established supreme court ruling the person has no legally recognized expectation of privacy in information he or she voluntarily gives to a third
party. obtaining those records from that third party is not a search of a person. on return to this point in a moment. second, the fourth amendment generally does not apply to foreigners outside the united states.
third, the supreme court has said the reasonableness under the fourth amendment of searches without a warrant depends on balancing, quote, the intrusion on the individual's fourth amendment interests against the surge's promotion of legitimate governmental interests. that is the constitution. there are also a variety of statutes governing our collection activity. first, the national security act and the number of laws related to specific agencies such as the central intelligence agency act or the -- limit what agencies can do so for example the cia is prohibited from law enforcement activities. we are governed by laws like the electronic communications privacy act, the privacy act and in particular for today the
foreign intelligence surveillance act or fiza which was passed by congress in 1978 and was amended in 2001-2008. it regulates electronic surveillance and other activities carried out for foreign intelligence purposes and bob will talk more about fiza later run. there's one important source of legal restrictions on intelligence activities and that is executive order 120003. this order which is the founding charter of the intelligence community provide additional limits on what intelligence agencies can do. it defines each agency's responsibilities and authorities and one particular provision is very significant. section 2.3. it provides elements of the intelligence community and i am quoting here with some ellipses, authorized to collect or disseminate information concerning united states person's only in accordance with procedures approved by the
attorney general after consultation with the director of national intelligence. these procedures have to be consistent with the agency's lawful authority. the procedures also have to establish strict limits on collecting, retaining or disseminating information about u.s. persons unless that information is for an intelligence value or certain other circumstances spell out in the order such as to protect against threats of life. these so-called u.s. prayers and rules are basic to the operation of the intelligence community. they are among the first things our employees are trained and that the core of our institutional culture. it is not surprising that our legal regime provide special rules for activities directed at united states persons. so far as i know and i am not an expert in this but so far as i know every nation in the world recognizes legal distinctions between citizens and non-citizens but i hope to make clear this morning our intelligence collection procedures also provide protection for privacy rights of
non-citizens. i want to turn to the impact of changing technology on privacy. prior to the end of the nineteenth century you would find very little discussion about a, quote, right to privacy. in the absence of mass media, photography and other technologies of the industrial age the most serious invasion of privacy which generally the results of gossip or peeping toms. in the 1890 article that first articulated the idea of a legal right to privacy, samuel warren grounded that idea on changing technologies. i will read a quote from the article. recent inventions in business methods, this is 1890, recent inventions in business methods, attention to the next step which must be taken for the protection of the curzon and securing to the individual what judge cool be called the right to be left alone. instantaneous photographs and newspaper enterprise invaded the sacred precincts of private and domestic life and numerous mechanical devices threatened to make good the prediction that
what is whispered in the closets of the proclaimed from the house talk. today 120 plus years later as a result of away digital technology is developed each of us's massive amounts of information with third parties. sometimes it is less obvious like when telephone companies for records listing every call we make. there is little doubt the amount of data each of us provides to strangers every day would astonish jefferson and madison. this leads me to what i consider the key question. why is it that people are willing to expose large quantities of information to private parties but don't want the government to have that same information? why for example don't we care if the telephone company keeps records of all of our phone calls but we do differently about the prospect of the same information going to nsa?
this is not a difficult question to answer. we care because of what the government could do with the information. and make a phone company the government has the power to audit our tax returns, prosecute and imprison as, grant or deny licenses to do business and many other things so there's an entirely understandable concern that the government might abuse this power. i don't mean to say private companies don't also have a lot of power over as. the growth of corporate privacy policies and a strong public reaction to the inadvertant release or commercial use of personal information by those companies reinforces my belief that our primary privacy concern today is less who has information than what they can and do do with it. no question the government because of its powers is properly viewed in a different light. on the other hand just as consumers make extensive use of modern technology so too to potential foreign terrorist organizations and hostile
governments. we know terrorists and weapons proliferators are using global information networks to conduct research to communicate and plan attacks, information that can help us identify and prevent terrorist attacks and other threats, hiding in plain sight among the vast amounts of information flowing around the globe. the new technology means the intelligence community must continue to find new ways to locate and analyze foreign intelligence information. we need to do more than connect the dots. we need to be able to find the right box in the first place. one approach to protecting privacy in this context would be to limit the intelligence community to targeted focused query's looking for specific information about identify individuals based on probable cause but from a national security perspective this would not be sufficient. the business of foreign intelligence has always been fundamentally different from the business of criminal investigation. rather than attempting to solve crimes that have happened already we are trying to find
out what is going to happen before it happens. we may for example have fragmentary information about someone who is plotting a terrorist attack and need to get more information to find and stop that. we may get information that is useless without a store of data to match it against such as getting the telephone number of a terrorist and wants to find out who he has been in contact with. we may learn about what we were previously unaware of causing us to revisit old information and find connections we didn't notice before, connections we would never know about if we have collected the information originally and kept it for some period of time. we worry all the time what we are missing in our daily effort to protect the nation and our allies. on the one hand you have vast amounts of data that contain intelligence needed to protect us not only from terrorism but threats such as cyberattacks, weapons of mass destruction and old-fashioned espionage. on the other hand giving the intelligence community access to this information has obvious
privacy implications. we achieved both security and privacy protection in large part by a framework that establishes appropriate controls over what the government can do with the information it lawfully collects and appropriate oversight taught in sure it respects those controls. these depend on a variety of factors such as the type of information we collect, where we collected, scope of the collection and the use the government intends to make the information. in this way we can allow the intelligence community to acquire necessary for an intelligence while providing privacy protection directed at the use of that information to take account of modern technology. in showing this morning that this approach is the way the system deals with intelligence collection i will use fiza as an example. this is all congress legislated the area of foreign intelligence activities. second because it covers a wide range of activities and involve all three sources of what i
mentioned earlier, constitutional, statutory and of -- several previously classified examples of what we do under fiza have been declassified and i know people want to know more about them. i don't mean to suggest this is the only way to collect foreign intelligence but it is important to know by virtue of executive order 120003 all the collection activities of our intelligence agencies have to be directed at the acquisition of foreign intelligence or counterintelligence. our nation's intelligence priorities are set annually for interagency process. the leaders of the country tell the intelligence community what information they need in the service of the nation, its citizens and interests and we collect information in support of those priorities. i want to emphasize the united states is a democratic nation, takes seriously this requirement that intelligence collection activities have a valid intelligent purpose. we do not use our foreign intelligence capabilities to steal trade secrets of foreign companies to give american
companies a competitive bid vantage. we do not indiscriminately sweet and store the contents of the communications of americans or the citizenry of any country. we did not use our intelligence collection capabilities for the purpose of repressing the citizens of any country because of their political, religious or other believe. we collect information about communication more broadly than we collect the actual content of communications but that is because it is less intrusive than collecting content and can provide information that helps us more narrowly focused collection of content on the appropriate for an intelligence targets. it simply is not true the united states government is listening to everything said by the citizens of any country. let me now turn to fiza. i will talk about three provisions of that law. additional fiza orders, the fiza business records provision and section 702. these provisions relate to the acquisition of different kind of information and provide limits on how it can be collected,
require procedures restricting what we can do with the information we collect and how long we can keep and impose oversight to ensure those rules are followed. this sets up a coherent regime in which protection are afforded at the front end information is collected, in the middle when that information is reviewed that used and at the back end through oversight, all working together to protect national security and privacy. the rules vary depending on factors such as the type of information being collected and in particular whether we are collecting the content of communications. the nature of the person or persons being targeted and how narrowly or broadly focused it is. they're not identical to criminal investigation but i hope to persuade you they are reasonable and appropriate in a different context of foreign intelligence so let's begin by talking about additional fisa collection. prior to the passage of fisa in 1978 the collection of foreign intelligence was the essentially
unregulated by statutory law. it was viewed as the core function of the executive branch. when the criminal wiretap provisions for originally enacted in 1968 congress put a provision expressly stating these provisions, quote, did not let the constitutional power of the president to obtain foreign intelligence information deemed essential to the national security of the united states. ten years later as a result of the abuses revealed by the church and hike committees congress did decide to impose a judicial aspect on some aspects of electronic surveillance for foreign intelligence purposes. this is codify in title i of fisa defined as traditional fisa. fisa established a special court, the foreign intelligence surveillance court to hear applications by the government to conduct electronic surveillance for foreign intelligence purposes. traditional fisa surveillance involve acquiring the content of communications, in truth of
implicating recognize privacy, and directed at individuals including american citizens, directly implicates the fourth amendment. to get traditional fisa quarter, the government must establish probable cause to believe the target of surveillance is the foreign power or agent of a foreign power, probable cause standard derived from standard used for wiretap criminal cases. if the target is the united states person he or she cannot be the chairman to be up for an power based on activity protected by the first amendment. you cannot be the subject of surveillance merely because of what you believe or think. marco rubio moment. by law views of information collected under traditional fisa must be subjected minimization procedures and that is a concept that is key throughout fisa. minimization procedures are approved by the fisa court. i am quoting from the fisa
statute, reasonably designed in light of the purpose and technique of a particular surveillance to minimize the acquisition and retention and prohibit dissemination of non publicly available information concerning and consenting united states person is consistent with the need of the united states to obtain and disseminate foreign intelligence information. for example minimization procedures generally prohibit disseminating the identity of any u.s. person unless the identity itself is necessary to understand the foreign intelligence or evidence of a crime. as a reference in the statue to the purpose and intent for particular surveillance is important minimization procedures can and do differ depending on the purpose of the surveillance and the technique used to implemented. these tailored minimization procedures are in important ways to provide appropriate protection for privacy. let me explain how traditional fisa works in practice but say the fbi suspects -- suspects
someone of in the united states of being a spy or terrorist and want to conduct electronic surveillance. there are some exceptions such as in the case of an emergency. as a general will the government has to present an application to the fisa court establishing probable cause to believe that person is an agent of a foreign power according to the second tour definition. that application is reviewed in several levels in the fbi and the department of justice before it is submitted to the court. if the surveillance is approve the target may have a conversation with a u.s. person that has nothing to do with the foreign intelligence purpose such as talking to a neighbor about a dinner party. and the the minimization procedures an analyst who listens to a conversation involving a u.s. person with no foreign intelligence now you, cannot share or disseminate it unless it is evidence of a crime and even if the conversation does have foreign intelligence value, say it is a terrorist talking to a confederate, that information may only be disseminated to someone with an
appropriate need to know the information pursuant to his or her legally authorized mission. in other words summing up, electronic surveillance under fisa title 1 implicates the well recognize privacy interests in the context of communication. in the subject will corresponding protection for privacy interest in terms of the requirement that it be narrowly targeted and have a substantial factual bases approved by the court and in terms of limitations on that information. let me turn to the second entity which is a collection of business records. after fisa was passed it became apparent it left significant gaps in our intelligence collection capabilities. in particular while the government had the power in a criminal investigation to the public protection of records with the grand jury subpoena it lacked similar authority in foreign intelligence investigations so a provision was added in 1998 to provide such authority and was amended by section 215 of the u.s. a patriot act which was passed
after 9/11 and that is
why the provision is referred to as section 215. allows us to apply to the fisa court requiring production of documents or other tangible things when they are relevant to and authorize national security investigation. records can be obtained only if there are types of records that could be obtained pursuant to a grand jury subpoena or other court process. when there is no statutory or other protection it would prevent the use of a grand jury subpoena to obtain them. in some respects this process is more restrictive than a grand jury subpoena. a grand jury subpoena issued by a prosecutor without prior judicial review whereas under the fisa business records provision we get court approval. moreover as with traditional fisa records obtained pursuant to the fisa business records are subject to court approved a minimization procedures that women retention of dissemination of information -- eliminate retention and dissemination of information and others, this one
does not apply. the fisa business records provision has been in the news because of one particular use of that provision. the fisa court has approved orders directing several telecommunications companies to produce certain categories of telephone data like the number making the calls, the number being called and the time, date and duration of the call. it is important to emphasize as we do every time we talk about this that under this program we do not get the contents of any conversation. we do not get the identity of any party to the conversation and we do not get any gps location will information. this limited scope of what we collect as important legal consequences. as i mentioned earlier the supreme court has held that if you voluntarily provided this kind of information to third parties you have no reasonable expectation of privacy of that information. all the data we get under this program is information the
telecommunications companies obtain and keep for their own business purposes. as a result the government can get the information without a warrant consistent with the fourth amendment. recognize there is a difference between getting a date at about one telephone number and getting it in bulk. from a legal point of view section 215 allows us to get records if they are relevant to the national security investigation and from a privacy perspective people worry that for example the government applied data mining techniques and learn new personal facts even when the underlying set of records is not subject to reasonable expectation of privacy for fourth amendment purposes. i want to make clear as i will explain in a minute we are not allowed to do that analysis of these records and they don't do it. on the other hand this information is useful from intelligence perspective. it can help identify links between terrorists overseas and their potential confederates in the united states. it is important to understand
involving support providers considerably slower and cumbersome. that could be a significant problem in the past investigation where speed and agility are critical like the plot to bomb new york city subways in 2009. the way we fill with intelligence that and protect privacy illustrates the approach i outlined earlier. from a subscriber's point of view the difference between a telephone company keeping records and the intelligence community keeping the same records is what the government could do with records. that is an entirely legitimate concern and we deal with budget limiting what the intelligence community is allowed to do with records. limitations that are specifically approved by the fisa court, we put this information in secure databases. the only information for which this information can be used, the only intelligent purpose for which this information can be used is counterterrorism. we only allow limited number of specially trained analysts to search the databases.
even those analysts are allowed to search the database only when they have but reasonable and articulate a suspicion that a particular telephone number is associated with particular foreign terrorist organizations that have been identified to the court. the basis for that reason elected global suspicion has to be documented in writing and approved by a supervisor. the, analysts are allowed to use this information only in a very limited way to map a network of telephone numbers calling of the telephone numbers. because this database contains only metadata even if analysts find a previously unknown telephone number warranting further investigation all she can do is disseminated telephone number. she doesn't need to know who's no. it is. any further investigation relating to that number has to be done pursuant to other lawful means. in particular any collection of the content of communications relating to that number would be done using another legal
authority like fisa title 1. finally the information is destroyed after five years. the net result is also we collect large volumes of metadata, we only look at a tiny fraction of it and only for carefully circumscribed purpose, to help us find links between foreign terrorists and people in the united states. the collection has to be brought to be operationally effective but is limited to non confidence data that has a low privacy value and not protected by the fourth amendment. doesn't even identify any individual. only the narrowest, most important use of this days permitted. other uses are prohibited. we protect privacy and national security. some question how the collection of a large volume of telephone metadata could comply with the statutory requirement that business records obtained be relevant to unauthorized investigation. we are working to see what additional information we can declassified including the actual court papers that have been filed but i can abroad
summary of this legal basis here today. it is important to remember he authorized investigation of the statute is an intelligence investigation, not a criminal investigation. i talked about the difference between these before. the statute said an authorized investigation is conducted pursuant in accordance with guidelines approved by the attorney general. those guidelines allow the fbi to conduct an investigation into a foreign terrorist entity. if there is an arctic global aspect will basis that reasonably indicate the entity may have engage international terrorism or other threats to national security or may be planning more supporting, in other words we can investigate an organization not merely an individual or particular act if there is a factual basis to believe the organization is involved in terrorism. in this case the government's applications to fisa to collect
metadata identified particular terrorist entities that are subject of the investigation. second office standard of relevance required by the statute is not a standard we think of in a civil or criminal trial under the rules of evidence. the court recognized another context the term relevance can import abroad standard. for example in the grand jury context the supreme court held a grand jury subpoena is proper and less -- there's no reasonable possibility the category of material the government seeks will produce information relevant to the general subject of the grand jury investigation. in civil discovery, the supreme court has said relevance is, quote, construed broadly to encompass any matter that bears or reasonably could lead to other matters that could bear on any issue that is or may be in the case. in each of these contexts the meaning of relevance is sufficiently broad to allow subpoenas or requests for information that encompass large volumes of information to locate
within those records a smaller subset of material that will be directly pertinent for be used in furtherance of the investigation were the case. the request is not limited to obtaining only those records that he or she can specifically identified as potentially incriminating or pertinent to establishing liability because to identify such records it is often necessary to collect a broader set of records that might potentially bear fruit by leading to specific material that could bear on the issue. when it passed the business records provision congress made clear that it had broad concepts of relevance such as these and to lessen the metadata collection program meets this broad reference standard because as i explained earlier the effectiveness of the query is allowed by the court under strict limitation of this program the query is based on reasonable and articulate losses addition the effectiveness of these queries depend on collecting and maintaining the
data from which against which the narrowly focused query's can be made. in the grand jury and civil discovery context concept is broad enough to allow the collection of information beyond that which turns out to be important to a terrorist related investigation. the scope of the collection at issue is broader than might be acquired through grand jury subpoena the basic principle is similar. the information is relevant because you need to have a broader set of records to identify within them the information that is actually important to a terrorism investigation when you make that query. the reasonableness of this collection overall is reinforced by all the stringent limitations i described that the court imposes to ensure the data is only used for that approved purpose. i want to repeat the conclusion the bulk metadata has approved is not that of the intelligence community alone. applications to obtain this data have repeatedly been approved by
numerous judges in the fisa court to determine the application complies with all of legal requirements and congress reauthorize section 215 in 2009-2011 after the intelligence and judiciary committees had been briefed on the program and after information describing the program was made available to all members of congress. all three branches of government have determined this collection is lawful and reasonable in large part because substantial protections would provide the privacy of every person whose telephone number is collected. the third program my want to talk about section 702 which is part of the fisa amendment act of 2008. a little history is in order by way of background. generally speaking as i said before title i of fisa governs electronic surveillance conducted in the united states for foreign intelligence purposes. when fisa was first passed in 1978 congress did not intend that would regulate targeting of foreigners outside the united
states for foreign intelligence purposes. this kind of surveillance was carved out of coverage under fisa by the way congress defined electronic surveillance in the statute. most international communication in 1978 took place via satellite. congress excluded international radio communications from the definition of electronic surveillance covered by fisa even when the radio waves were intercepted in the united states unless the target of the collection was a u.s. person in the united states. overtime that technology base differentiation fell apart. by the early 20 first century most international communications travel over fiber-optic cables and were no longer a international radio communications outside fisa's reach. at the same time there was a dramatic increase in the use of the internet for communications but including by terrorists. congress's original intention was frustrated. we were increasingly required to go to the fisa course for
individual warrants on a case by case basis to conduct electronic surveillance of foreigners overseas for foreign intelligence purposes. after 9/11 this burden began to degrade our ability to collect communications of foreign terrorists. section 702 created a more streamlined procedures to accomplish this surveillance so section 702 was not as some have suggested defanging of the pfizer course authority, and exchange fisa's surveillance to what congress place outside that oversight. the surveillance of foreign intelligence purposes for foreign overseas. i want to stage this american regime in opposing judicial supervision of a kind of foreign intelligence collection directed at citizens of other countries is a unique limitation that so far as i am aware does the on what other countries require of their intelligence services when they collect against persons who are not their own citizens.
the privacy and constitutional interests implicated by collection under section 702 fall between traditional fisa and metadata collection. we are collecting the full content of communications. on the other hand we are not collecting it in bulk but we are only targeting non u.s. persons outside the u.s. for valid for intelligence purposes. on the other hand the information is unquestionably of great importance for national security. , action under section 702 is one of the most valuable sources of foreign intelligence that we have. here again the statutory scheme and the means by which we implement it are designed to allow us to collect intelligence while providing appropriate protection for privacy. under the statute collection and the section 702 does not require a traditional orders authorizing collection against each target. the fisa court approves annual certification submitted by the attorney general and director of
national intelligence that identify categories of foreign intelligence that can be collected subject to court approved targeting procedures and minimization procedures. the targeting procedures are designed to ensure we target someone only if we have a valid for intelligence purposes, target now only non-u.s. persons believed outside the united states. and we do not intersect wholly domestic communication and we did not target any person outside the united states as a backdoor means inside the united states. these targeting procedures must be reviewed by the court to ensure they are consistent with the statute and the fourth amendment. the targeting procedures are a way of minimizing the impact of this collection, as to american and non-american by limiting the collection to the intended purpose. the concept of minimization procedures should be familiar by this point, the procedures that limit retention and dissemination about u.s.
persons. in the course of 702 collection we may acquire the communications of americans even though we are not targeting them. if we talk to non-u.s. persons outside the united states who are targeted for foreign intelligence collection some of these communications may be pertinent and some may not be. the incidental collection of non pertinent communications is the not unique to section 702. it is common whenever you collect information by criminal wiretaps or the target conversation's with his friends and family may be intercepted or we see terrorist's computer or address book neither of which is likely to contain non pertinent information. in passing 702 congress recognize this reality and required us to establish procedures to minimize the impact of the financial collection on the privacy of persons. how does section 702 work in practice? there are certification for several categories of foreign intelligence. let's say the intelligence
community gets information that a terrorist is using a particular e-mail address. nsa analysts look at the available data to assess whether the e-mail address would be a valid target under the statute in certification, whether the e-mail address belongs to someone who is not a u.s. person or whether the person with the e-mail addresses outside the united states and whether targeting an e-mail address is likely to lead to the collection of foreign intelligence relevant to the certification. only if all three of those requirements are met validated by supervisors will the e-mail address be approved for targeting. we do not randomly target e-mail addresses or, call for an individual's e-mail under section 702. we target specific accounts because we're looking for foreign intelligence information and after a target is approved the court approved procedures require nsa to continue to verify that it's targeting decision is valid based on any new information and acquires.
any communications we do collect under section 702 are placed and secured databases with limited access. trained analyst are allowed to use the data for valid for intelligence purposes but the minimization procedures require if they review a communication they determine involves a u.s. person or information about u.s. person and further determined that communication has no foreign intelligence value and is not evidence of a crime the communication must be destroyed and the nikkei's bullish in any case they are not destroyed after five years. under 702 we have a regime involving procedures that are designed to narrow focus of the data. it to protect policy by a multi layered controls not only on
what we collect that how we use what we collect based on the nature and intrusiveness of the collection, to take into account the ways that is useful to protect national security but we do not set out a set of rules and hope people will follow them. there are substantial safeguards in place that helped insure these rules are followed. the safeguards operate at several levels. the first is technological. the same technological revolution that enabled this kind of information, places relatively stringent controls on it. intelligence agencies can work with providers so that when they do provide information, the information we are allowed to acquire under the relevant order they don't provide additional information as well. we have secured databases will be stated to which only trained personnel have access. modern information security techniques allow us to create an audit trail tracking who uses
these databases and also we have a record to enable us to identify any possible misuse. i want to emphasize there is no indication that anyone has defeated those technological controls and improperly gained access to databases containing people's communication. documents like leaks business records secondary order are kept on other nsa databases that did not contain this collection information and many more personnel have access to those databases. we don't rely solely on technology. nsa has an internal compliance officer whose job includes developing processes that all personnel must follow to comply with the law. in addition decisions about what telephone numbers we used as a basis for searching telephone metadata are reviewed with nsa and the department of justice. decision about targeting intersection 702 are reviewed first within nsa and then the department of justice and my office, the office of the director of national
intelligence which has a dedicated civil liberties protection officer who oversees these programs. for traditional fisa protection the department of justice conduct reviews to insure information is used and disseminated in accordance with court approved a minimization procedures. independent inspectors general also review the operation of these programs. the point is not that any of these individuals is perfect but you have more and more people from more and more organizations overseeing operation of the programs. it becomes less and less likely and intentional errors will be the -- will go unnoticed or anyone will misuse the information. there is more. in addition to the oversight by the executive branch is considerable oversight by the fisa court and congress. the court has to review the procedures by which we collect intelligence under fisa to ensure these comply with the statute and the fourth amendment. in addition any compliance
violation the matter how march or small has to be reported to the court. improperly collected information generally must be debated subject only to some exceptions in the court orders and corrective measures are reported until the court is satisfied. i want to correct once again the erroneous claims that the fisa court is a rubber stamp. some as soon because the court approves almost every application it does not give these applications careful scrutiny. in fact the exact opposite is true. the judges and their staff review every application carefully. they often ask extensive probing questions, seeking additional information from the government or requests changes before the application is ultimately approved. the court does approve the great majority of the applications at the end of this process but before it does so the process is questioned and commented, sure that the application complies with the law. finally there is congress.
we are required to keep the intelligence and judiciary committees informed about these programs including detailed reports about their operation and compliance matters. we regularly engage with congress and discuss these authorities as we did this week to provide information in furtherance of oversight responsibilities. when congress reauthorize the section 215 and reauthorize section 702 in 2012 information was made available to every member of congress by briefings and written materials describing these programs in detail. in short or in summary is a better word, the procedures by which we implement the election under fisa are sensible means of accounting for privacy in the information age. bailout the intelligence community to collect invitation that is important to protect our nation and its allies while protecting privacy by imposing appropriate limits on the use of that information. much is collected but access analysis and dissemination of subject to stringent controls
and procedures. the same approach making the extent and nature of controls over the use of information very depending on the nature and sensitivity of that information applied throughout our intelligence collection. our intelligence collection helped protect our nation and its allies from a variety of threats. we have robust intelligence relationships with many countries. these relationships go in both directions but it is important to understand we cannot use for intelligence to get around intelligence by our laws. we expect services to operate in compliance with their own laws. by working with these other countries wheat helped to ensure our common security. many of the details remain classified, we have provided to congress a list of 54 cases in which the bulk metadata and section 702 authorities helped us understand potential
terrorist activity and even disrupt it from potential bomb attacks and material support for foreign terrorist organizations. 41 of these 54 cases involve threats in other countries including 25 in europe alone. we were able by virtue of intelligence collection to officials to these events and held them fulfill their mission of protecting their nation because of the intelligence capabilities we have. i believe our approach to achieving security and privacy is effective and appropriate. it has been reviewed and approved by all three branches of government and is consistent with the law and constitution but is not the only way to regulate intelligence collection. even before the recent disclosures occurred the president said we welcome a discussion about privacy and national security and currently working to declassified more information to inform that discussion in addition the privacy and civil liberties oversight board which is an independent body established by
statute charged with overseeing counterterrorism activities announced it intends to provide the president and congress a public report on the section 215 and 702 programs including collection of ball metadata. the board met with the president who welcomed the review and committed to providing all the materials they need to fulfil their oversight and advisory function and we have been doing that. we look forward to continuing to work with the board on this project but the discussion about these authorities can and should have taken place without recent disclosures which brought to public view the details of sensitive operations that were previously discussed on a classified basis with congress and with the committees that were set up to oversee intelligence operations. the level of detail in the current public debate reflects the departure with public understanding of the sensitive nature of intelligence operations demanded a more limited discussion. whether or not the value of the exposure of these details outweighs the cost to national security is up.
point. as the debate about our surveillance activities go forward i hope my remarks helped to provide an appreciation of the efforts made and continue to be made to make sure intelligence complies with laws and reflect our values. thank you very much. i will be glad to take some questions. i want to caution much of what we do remains classified for good reason so i am not going to be able to talk much about other activities that were not publicly disclosed or the details of the activities we have disclosed. we are working to declassify additional information but until the declassification is may i will be restricted in what i can say. thank you very much. [applause] >> before i ask the question or two before turning it over to the audience, beyond the classified open forum, just one more parameter. i suspect we have an audience --
if you ask -- if you ask to blow the whistle on how the cia faked the apollo moon landing or something there will not be time to answer. with that out of the way -- >> i guess i have just a few quick questions before we turn it over to the audience both of them bearing mostly on 215 but also other activities you mentioned. you referred to the longstanding wide-ranging executive branch's position on the relevant standard and put forward repeatedly the judgment to endorse it, congress endorsed in
various ways. there has not been controversy in the public about how this jives with relevance and in some quarters of congress as well, it essentially disagreeing with that view. i understand having that, those remarks you made, puts one position but there is still disagreement and confusion in the public. why not proceed on the basis of bulk collection statute with clearer language? >> that would be one option. you have to make sure it enables the flexibility and operational abilities that we need to conduct a collection. we don't think the statute is necessary. obviously congress thinks a new statute is appropriate congress can provide that. >> on that point you referred to
the papers underlying that interpretation and if you are not changing the law you are working on the back end as well. there should be as much declassification as possible but you mentioned the other day in your testimony before the house judiciary committee that refers to a comment, judge walston noted the intertwined nature of a lot of facts and legal analyses for these, particularly the judicial opinion, imagine that being true of the government as well but that sort of leaves us with the sort of -- it will be really hard and not necessarily clear sense of where the declassification project is and what we might see in the future. i am curious whether -- how much progress can be made. >> i am hopeful we can make a lot of progress. one of the hurdles to the classification earlier was the existence of the program was classified and is hard to think about releasing an opinion that says a particular program is
legal if you don't disclose what the program is. now that the program has been declassified we are looking at these, i personally hope we will be able to release court documents that will provide a greater visibility. >> you think that will be more in terms of all these activities or do you think that will be more in the metadata neighborhood? >> we are looking across the entire spectrum of our activity. generally speaking there is considerably less concern about the legal rationale for the 702 program than the -- we are looking at all our programs to see what can be declassified to inform the public debate. >> i will take a few. >> quick question. any fisa court, president in the fisa which is a secret court
that works closely with the agency which is not subject to review or a legal basis, and fisa intelligence people understand phone calls and other communications will be intercepted anyway so what is the real harm to national security by the ed snowden revelations? >> let me take the first one. it is important to go back to the history that i mentioned. this is not a course that exists to adjudicate individuals. it is a good -- it oversees the executive branch authorization of intelligence information. the court is unprecedented in that sense. the fact that its secret is a necessary consequence of the fact that it is overseeing secret activity. there are plenty of court proceedings that take place in secret in a variety of contexts particularly when they implicate
national security. second point the fact of the matter is we collect a lot of very valuable information. the fact pursuant to these programs, the fact of the matters without going into a lot of detail our adversaries noticed these revelations. too early to tell if it has in fact that there is no question they have sat up and taken notice of what has been released and the impact it has on their communication. >> before i call another person did you have any institutional affiliation, identify yourself. i know your institutional affiliation. you can go ahead and ask a question. this is alan friedman. >> thank you for your comments and taking time today, wanted to talk about oversight not just from a legal perspective but policy perspective. you help us appreciate the process. whether it is reported accurately or not there are reports, companies are forced to
compel data and these are large international companies, the impact of their trade relationships and international trade discussions, broader impact questions. i am wondering whether there has been any discussions as these programs expand you find new ways of gathering intelligence. is there some input from the american economics committee from the trade committee to understand the impact beyond the legal questions? >> the programs are classified so we don't generally discuss them. providers have an opportunity to be heard, we are always reassessing is this program sufficiently valuable to continue in light of the cost and we are doing that again right now. >> thank you very much. a question in terms of the use of information outside the
intelligence area, for example in terms of the f c p a enforcement. is that something that the doj can come t mask if there is an idea, can they come to gain that information, if the services come across that information can it be shared in terms of enforcement? >> generally speaking as i said, we can't tap the collection of information for those purposes. the department of justice can't ask us to collect evidence on that kind of a crime. terrorism is one thing but of cpa or other organizations we cannot be tasked to collect that. of the intelligence agency uncovers evidence of any crime
ranging from sexual abuse, they contend that information to the department of justice but the department of justice cannot tap the intelligence community. >> foreign policy magazine, you said when nsa analysts are trying to determine whether to target a particular e-mail address they attempt to evaluate it is a valid target by looking at whether it is sent by a u.s. person and whether that person was outside the u.s.. explain how they do that because determining those things by looking at an e-mail address is very difficult so how do they do that? >> it is technically very challenging. one of the things i am not at liberty to do is exactly talk about nsa's analytic tradecraft but they have information in databases they can check.
there may be other ways in which you can learn where an e-mail address is located or whether it is associated with the u.s. person but the rules require them to check a variety of databases to make that determination based on standard tradecraft. >> is it all in second place? >> it depends on the contents of the database. i don't know what is in everyone of nsa's databases. >> yes, ma'am? >> you mentioned with regard to the collection of business records you don't think individuals have legitimate expectation of privacy because they already disclose information to a third party, so many of these tech companies have not monopoly on the services they provide and when individuals can receive those
services without agreeing to all the terms would you consider that meaningful as far as providing that information to a third party? >> the relevant issue is not whether i would but whether the courts would and the courts do. the seminal case involves things like bank records. we need to have put bank account and we disclose bank records and we can generate those records, telephone companies use to be a monopoly. telephone calling records were held not to be subject to reasonable expectation of privacy. it is the same principle. >> at least one extraordinary surge, i want to make sure i understood. i understand among internal controls of the fisa process is look at examining these programs to see if they violated somebody's internal control.
sounded like what you said was the fisa process is internal control, never found an instance where the program's reach beyond those authorities. one of the scepticisms about internal controls is that they often, just like internal affairs in the police department, may not look as hard as they should but you could put that skepticism around and tell us how many fisa audits were done last year and reaffirms the fact that they never found these authorities in any program. >> i don't think that is what i said. the compliance violations have to be reported. there have been compliance violations. if i said something that led you to the conclusion that hy was saying there has never been a violation, that is not what i meant to save. you use the term fisa audits the we have different audit regimes for different programs.
there is an audit regime required for the 215 program, there is an audit regime for the 702 program, there's an audit regime required for the title i fisa and so on. i can't give you exact statistics. i just don't know some. i do know that the senate intelligence committee last year or the vote year before issued a report about in connection with the reauthorization of the section 702 program and in that report the majority of the senate intelligence committee specifically noted there has never been under the 702 program of finding of a willful violation of the law. there are occasions where people make mistakes, there are technological problems that lead to errors that there has not been a finding of somebody going in and willfully trying to evade the restrictions. >> timingwise we have one more here. >> i am wondering if you can
tell us all little information on how many times if there have been times some of the providers objective or challenge the court orders to turn over the metadata whether it is telephone or internet records? >> those proceedings, there is one court proceeding that has recently been in the news birdie fisa court ordered us to review documents for declassification and we are in the process of doing that but in terms of the proceedings they are still classified. there is a lot of material they are working on declassifying and we are trying to prioritize fins we think are the greatest public interest and trying to get that but i can't answer the question. >> i will give myself the last word. are those things the highest priority? >> to a certain extent the highest priority is getting out information, many have full of information about programs of which partial information is already out. >> thank you very much.
.. >> our live coverage are end around 7:30 p.m. eastern time, and the event will reair tonight at midnight. visit booktv.org for a complete schedule. at 1 p.m. eastern, we'll bring you interviews from booktv's college series. we talk to john taylor, he's the author of "five principles: five keys to resng